v5.8 of GAP Burp Extension is available: ✅ Improve the quality of the parameter list ✅ Find extra links from fetch and JQuery-like methods github.com/xnl-h4ck3r/GAP… #BugBounty 🤘

American writer William Faulkner wrote that “the past is never dead. It’s not even past” 📚 This certainly applies to archive-based recon – where snapshots from internet history can supercharge your #BugBounty hunt, as our latest article explains 👇 yeswehack.com/fr/learn-bug-b…

So excited about my first caido plugin. You choose a request and a color and it colors all similar requests (prospectively and retroactively). Enjoy! github.com/xssdoctor/Requ…

Happy Fathers Day to all the great dads out there 🤘

Subscribe for an API key to use with knoxnl by / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) and unleash your #XSS mass hunting potential! knoxss.pro - built for pros.

🎉 Since it’s my birthday, I want to give back to the community! 🥳 I’ve got 5 one-month PentesterLab vouchers to reward the best write-ups/findings of 2025 so far. To enter: 1️⃣ Follow me 2️⃣ ❤️ Like & 🔁 RT this tweet 3️⃣ 💬 Comment with a link to your own—or someone else’s—top

This week’s Disclosed. #BugBounty Beta invite for Hai, the AI security agent for hackers. RCE on Netflix. New tools for XSS, subdomain monitoring, and HTTP smuggling. Plus: SSTI, IDN homographs, and more. Highlights below 🧵

Updated: GAP (Get All Parameters, Links, and Words) portswigger.net/bappstore/815b…

I really wish I was heading to Glastonbury with everyone else right now 🏕️🎸🍻

After collecting feedback from early access users of jxscout pro, I'm launching the first general access of the pro version: jxscout.app 🚀 I'll still be giving away free trials for anyone interested. Thanks to the people that helped testing and shared feedback!

Help us send people to DefCon! We are so close to being able to send all 3 students!

jq is such a useful tool if you're dealing with JSON data. Here's an amazing cheatsheet that you need to bookmark if you're working with JSON data and want to make the most out of jq. 🔖 Bookmark now: lzone.de/#/Cheat%20Shee…

We just released episode 128! This week we're talking Blind SSRF and Self-XSS, as well as Reversing massive minified JS with AI and a wild Google Logo Ligature bug. Check it out! youtu.be/jPN2GE-umJY

Concerned about LLMs replacing pentesters? We've made enhancing your own workflow with AI easier than ever - you can now build your own AI features directly inside Repeater with Custom Actions. Here's one I built for myself which guesses param meanings:

“There is no substitute for hard work.” - Thomas Edison

🚀 Built Subdomainhound – a recon tool to find domains & subdomains via crt.sh + WhoisXML Smart batching,Auto-retries,Noise filtering,JSON output 🔗 github.com/HackerAndya/Su… – PRs/issues welcome! Thanks / XNL -н4cĸ3r (and @xnl-h4ck3r in the new Sky) for guidance. #redteam #BugBounty, #Recon

Sorry for long silence if anyone has asked me anything or waiting on anything on GitHub, etc. I will try to get my head back into things soon

v5.9 of GAP Burp Extension is available: ✅ Modified the Sus Params data to include additional data gathered from Akamai WAF threat research team intel - thanks Ryan Barnett (B0N3) @ hackersummercamp ! github.com/xnl-h4ck3r/GAP… #BugBounty 🤘

🚀 Just released a new version of jxscout You can now use your CLI to retrieve descriptors (e.g. discovered endpoints) from jxscout as an alternative to the VSCode extension 📝 Changelog: jxscout.app/changelog#cli-…

Today, we're releasing the new Searchlight Cyber (Searchlight Cyber) tools website, which allows you to use several of our open-source tools for free via a web interface. You can self-register at tools.slcyber.io (+ all our wordlists will be released there from now on!)